Secure deployment of a software package

ABSTRACT

Techniques for easy and secure deployment of a software package from a server to a customer-controlled computing device are described. In an embodiment, a deployment engine running on a server can be used to generate a unique URL for deployment of the software package. The unique URL may include a restricted use token. The restricted use token may be generated based on a combination of a random selection of one or more dictionary words, numbers, and/or symbols. The restricted token is easily readable given the combination of dictionary words, numbers, and/or symbols that make up the restricted use token. The unique URL may then be entered into a customer-controlled computing device via a curl command. The curl command will use the unique URL to generate a secure channel to the deployment engine and automatically download the software package onto the customer-controlled computing device. Upon downloading and/or installing the software package on the customer-controlled computing device, the unique URL is invalidated so that it may not be reused.

CROSS-REFERENCE TO RELATED APPLICATIONS; BENEFIT CLAIM

This application claims the benefit as a Continuation of U.S. patent application Ser. No. 15/697,270, filed Sep. 6, 2017, which is a Continuation-in-Part of U.S. patent application Ser. No. 15/225,437, filed Aug. 1, 2016, now U.S. Pat. No. 10,133,782, the entire contents of which is hereby incorporated by reference as if fully set forth herein, under 35 U.S.C. § 120. The applicant(s) hereby rescind any disclaimer of claim scope in the parent application(s) or the prosecution history thereof and advise the USPTO that the claims in this application may be broader than any claim in the parent application(s).

TECHNICAL FIELD

The present disclosure relates to deployment of software packages. More specifically, the disclosure relates to techniques for efficient and secure deployment of software packages.

BACKGROUND

Extracting data records from one or more data sources on a client system can be challenging. For example, deploying a data extraction system can be time-consuming, as it requires building customized solutions and scripts for varied client systems and/or data sources. Additionally, any errors or failures during the data extraction process on a client system can affect many downstream systems that rely on the data records that are being extracted. Such errors and failures are more common when using customized solutions and scripts as such custom solutions are more error prone and likely to contain bugs. Additionally, typical data extraction systems, using custom scripts, intermingle business logic with data extraction logic, thereby reducing the integrity and security of the system as business logic may be applied to the data records at the time of data record extraction, and may corrupt or modify the data records. Improvements to existing data extraction techniques are necessary to solve these and other problems.

Furthermore, deployment and/or installation of a software package onto a customer-controlled computing device can be challenging. A customer's information security protocols often prohibit using a physical compact disc (CD), universal serial bus device (USB), or other mobile storage device for installation of software on customer-controlled computing devices. Sending a uniform resource locator (URL) to download the software package via email can be insecure, as the email may be intercepted by malicious actors. Manually typing a URL that is complex can be difficult and is prone to user error. For example, curl commands typically include an HTTP Authorization request header which includes a bearer token that is a 256 character hash. However, any randomized character hash, even those shorter than a 256 character hash, can be difficult to transcribe. For example, a URL that includes a randomized character hash, such “6C7bB6a7B” or “x5777Basdv” can be difficult for a user to type and can be easily mistyped. Likewise, such URLs that include a randomized character hash can be difficult to communicate orally, which may be necessary in a scenario where such a URL must be communicated orally between a vendor's personnel and a customer's information security personnel with access to a customer-controlled computing device. Thus, what is needed is a way to easily and securely deploy software to a customer-controlled computing device.

The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.

BRIEF DESCRIPTION OF THE DRAWINGS

The example embodiment(s) of the present invention are illustrated by way of example, and not in way by limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:

FIG. 1 is a block diagram of a data extraction computer system, according to one embodiment.

FIG. 2 is block diagram of an extraction job specification, according to one embodiment.

FIG. 3 is a flow diagram of a process for data extraction, according to one embodiment.

FIG. 4 is a block diagram of a computing device in which the example embodiment(s) of the present invention may be embodied.

FIG. 5 is a block diagram of a software system for controlling the operation of the computing device.

FIG. 6 is a block diagram of a software deployment system, according to one embodiment.

FIG. 7 is a flow diagram of a process for deploying a software package, according to one embodiment.

While each of the figures illustrates a particular embodiment for purposes of illustrating a clear example, other embodiments may omit, add to, reorder, and/or modify any of the elements shown in the figures.

DESCRIPTION OF THE EXAMPLE EMBODIMENT(S)

In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the example embodiment(s) the present invention. It will be apparent, however, that the example embodiment(s) may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the example embodiment(s).

Embodiments are described herein according to the following outline:

-   -   1.0 General Overview     -   2.0 Example System Architecture         -   2.1 Extraction Job Specification         -   2.2 Data Extraction Agent         -   2.3 Data Extraction Explorer         -   2.4 Data Record Transformer         -   2.5 Coordinator         -   2.6 Software Deployment System     -   3.0 Example Process     -   4.0 Implementation Mechanisms—Hardware Overview     -   5.0 Implementation Mechanisms—Software Overview     -   6.0 Other Aspects of Disclosure

1.0 General Overview

Data extraction from a variety of data sources typically requires preparing custom scripts for data crawlers in a data extraction system. Preparing such custom scripts can be time-consuming and inefficient, and may slow down the deployment of the data extraction system as well as the expansion of an existing data extraction system to include additional data sources. Furthermore, such custom scripts may not be reusable in subsequent data extraction system deployments. Custom scripts are also more prone to errors and bugs that can cause issues to downstream systems that rely on the integrity of the data records that are being extracted.

Techniques for data extraction and collection are described. In one embodiment, a data extraction agent is programmed or configured to perform data extraction from a data source based on one or more extraction job specifications. An extraction job specification is stored digital data that identifies a data source containing data records, a data recipient, and, optionally, a schedule. The data extraction agent executes operations according to the extraction job specification to extract data records from the data source and create a transaction of data records based on the schedule. A transaction may be defined as a set of data to be sent to a data recipient and may include a set of extracted data records and/or metadata. The data comprising the transaction is then sent to the data recipient.

In one embodiment, the extraction job specification may further include an inline processor that indicates one or more operations to perform on the data records during extraction by the data extraction agent. For example, an inline processor may include a regular expression, a structured query language (SQL) query, or some other criteria to apply to the data records during extraction. In another embodiment, the system further comprises a data extraction explorer that interoperates with a user interface to permit computers to view and customize an extraction job specification.

Using these techniques, the embodiments described herein solve the aforementioned problems by allowing for a rapid deployment and expansion of a data extraction system by programmatically implementing the extraction system without requiring custom scripting. The system can be deployed in any environment, and any necessary customization can be performed via the extraction job specification, without the need to prepare custom scripts for data extraction. Furthermore, in one embodiment, the present system provides various security advantages, as the data extraction system does not apply business logic to the data records. Rather, the business logic can be implemented solely at the data recipient. Therefore, the present implementation separates the business logic from the data extraction system, improving security and improving the ability of multiple parties to work on different aspects of the data extraction at the client system.

Further, in an embodiment, techniques for easy and secure deployment of a software package, such as a data extraction agent, from a server to a customer-controlled computing device are described. In an embodiment, a deployment engine running on a server can be used to generate a unique URL for deployment of the software package. The unique URL may comprise a URL that includes a restricted use token. The restricted use token may be generated based on a combination of a random selection of one or more dictionary words. The restricted token is easily readable given the combination of dictionary words. In another embodiment, the restricted use token may be generated based on an easily readable combination of a random selection of dictionary words, numbers, and/or symbols. The unique URL may then be entered into a customer-controlled computing device via a command, such as a curl command, a wget command, a BITSAdmin command, an Invoke-WebRequest command, or any other similar command for downloading a file from a web address. The command will use the unique URL to generate a secure channel to the deployment engine and automatically download and/or install the software package onto the customer-controlled computing device. The unique URL is a limited-use URL, and will only be valid for a limited time period and/or a limited number of uses. In an embodiment, upon downloading the software package on the customer-controlled computing device, the unique URL is invalidated so that it may not be reused. In an embodiment, the software package is further installed on the customer-controlled computing device after download. These techniques thus allow a user to easily deploy and/or install a software package on a customer-controlled computing device using a limited-use URL that includes a readable restricted use token. The restricted use token allows for easy typing of the URL compared to a fully randomized URL. By limiting the use of the URL, security is improved by invalidating the URL after it is used, thereby preventing malicious users from downloading and/or installing the software package using the same URL.

2.0 Example System Architecture

FIG. 1 illustrates an example data extraction system in which the techniques described herein may be practiced, according to some embodiments. In the example of FIG. 1 , a data extraction system 100 is a computer system programmed to perform data extraction and may be implemented across one or more computing devices. The example components of data extraction system 100 shown in FIG. 1 are implemented at least partially by hardware at one or more computing devices, such as one or more hardware processors executing stored program instructions stored in one or more memories for performing the functions that are described herein. In other words, all functions described herein are intended to indicate operations that are performed using programming in a special-purpose computer or general-purpose computer, in various embodiments. Data extraction system 100 illustrates only one of many possible arrangements of components configured to execute the programming described herein. Other arrangements may include fewer or different components, and the division of work between the components may vary depending on the arrangement.

Data extraction system 100 is programmed or configured to efficiently extract data from one or more client systems 102 and to provide the extracted data to one or more server systems 104. In one embodiment, client system 102 and server system 104 are different computers, however, in another embodiment, client system 102 and server system 104 are implemented on the same computing device.

Client system 102 also may be implemented across one or more computing devices and comprises one or more one or more data sources 130, 132, 134. A “data source” may be any repository of computer-implemented data records. A “data record” may be defined as any computer-implemented data, such as a file, a data object, a database entry, a data message, or any other similar representation of computer-implemented data. The embodiments described herein do not require any particular type or format of the data records provided by a data source. Thus, a data source may comprise a file system, a relational database managements system (RDBMS), a non-relational database, an object store, a distributed file system (DFS) such as a Hadoop distributed file system (HDFS), a Java Database Connectivity (JDBC) source, an email repository, data received through an application programming interface (API), a source code repository, a cloud-based data repository such as Amazon Simple Storage Service (S3), a message queue, or any other repository on one or more computing devices that contains data records. Each of the data sources 130, 132, 134 may be implemented as a different type of data source. For example, in client system 102, data source 130 may be a HDFS data source, data source 132 may be a RDBMS data source, and data source 134 may be a traditional file system data source.

Client system 102 includes one or more bootstrappers 110, 120. A “bootstrapper” may be a program or system that is configured or programmed for assisting in the extraction of data records from one or more data sources. In one embodiment, a bootstrapper does not include any business logic that modifies the data records that are extracted, thereby ensuring that the integrity and security of the data records and their data sources is maintained. A bootstrapper may include a data extraction agent. For example, bootstrapper 110 includes data extraction agent 112 and bootstrapper 120 includes data extraction agent 122. A “data extraction agent” may be a subsystem of a bootstrapper that is programmed or configured for crawling a data source and/or performing data extraction of data records from a data source using one or more extraction job specifications, as will be described herein.

A bootstrapper may optionally include a data extraction explorer. For example, bootstrapper 110 includes data extraction explorer 114 and bootstrapper 120 includes data extraction explorer 124. A “data extraction explorer” may be a subsystem of a bootstrapper that is programmed or configured for providing a communications interface between a bootstrapper and a user interface, such as user interface 150, as described in other sections herein.

In one embodiment, the bootstrapper is programmed or configured to manage the life cycle and resource management of its data extraction agent and/or data extraction explorer. In another embodiment, a bootstrapper includes an application programming interface (API) to an external system (not depicted) that is programmed or configured to query the bootstrapper for metrics regarding the performance of the data extraction agent and/or data extraction explorer. These metrics can include data regarding the amount of data records that have been extracted from one or more data sources, the amount of transactions sent downstream to a server system 104, the computing resources used by the data extraction agent and/or explorer, such as disk space and CPU, log files, and errors and warnings detected by the data extraction agent and/or data extraction explorer.

Each of data sources 130, 132, and 134 is communicatively coupled to one or more bootstrappers. For example, in system 100, data sources 130, 132, and 134 are communicatively coupled to bootstrapper 110. Similarly, in system 100, data source 134 is communicatively coupled to bootstrapper 120. As can be seen with the example of data source 134, a data source may be communicatively coupled to multiple bootstrappers. Coupling a data source to multiple bootstrappers can improve system redundancy. Alternatively, coupling a data source to multiple bootstrappers can allow for unique handling of the data records from that data source by different bootstrappers. Additionally, a bootstrapper may be communicatively coupled to one or more data sources.

Server system 104 includes a data record transformer 140. A “data record transformer” may be a subsystem that is programmed or configured for processing and/or manipulating data records received from one or more data extraction agents that are communicatively coupled to the data record transformer. For example, in data extraction system 100, data record transformer 140 is communicatively coupled to data extraction agent 112 and data extraction agent 122. Data extraction agent 112 and data extraction agent 122 each is programmed or configured to transmit a transaction containing extracted data records collected from data sources 130, 132, and 134 to data record transformer 140. In one embodiment, data record transformer 140 is programmed or configured to transform the extracted data records by applying one or more algorithms or data manipulation operations to the extracted data records. In one embodiment, the data manipulation operations applied by a data record transformer 140 includes business logic for manipulating the extracted data records. For example, in one embodiment, the data record transformer 140 creates transformed data as the result of transforming the extracted data records. In one embodiment, a data record transformer 140 is programmed or configured for storing data in a data storage device coupled to server system 104 (not depicted) related to the extracted data records. The stored data could be the original extracted data records as received from data extraction agents 112 and/or 122, or the transformed data. Although depicted in FIG. 1 as a single data record transformer, in another embodiment, server system 104 may include multiple data record transformers 140 that may be arranged serially, in parallel, or in some other configuration.

Server system 104 may optionally include data record consumer 160. A “data record consumer” may be a subsystem that consumes data received from data record transformer 140. Data record consumer 160 may be communicatively coupled to data record transformer 140. In one embodiment, data record consumer 160 is programmed or configured to interoperate with a client computer to view the contents of the data records or the transformed data after processing by data record transformer 140.

In one embodiment, client system 104 may optionally include user interface 150 that is communicatively coupled to one or more data extraction agents 112 and/or 122. User interface 150 may be used to interact with data extraction explorer 114 and/or data extraction explorer 124, as will be described herein. In one embodiment, data extraction explorer 114 may be communicatively coupled to extraction job specification repository 170 and/or coordinator 180.

Extraction job specification repository 170 is a repository that stores one or more extraction job specifications. An extraction job specification includes one or more configuration files that provide configuration details describing how to extract data records from a data source. Thus, an extraction job specification can be used by data extraction agent 112 or 122 to perform data extraction from data sources 130, 132, or 134. Further details about the contents of an extraction job specification will be described herein. Extraction job specification repository can be communicatively coupled to client system 102 and/or server system 104. In one embodiment, extraction job specification repository 170 is a part of client system 102. In another embodiment, extraction job specification repository 170 is a part of server system 104. In yet another embodiment, extraction job specification repository 170 is implemented as its own system, separate from client system 102 and/or server system 104.

In one embodiment, server system 104 includes a coordinator 180. Coordinator 180 may be responsible for managing bootstrappers 110 and 1120 and/or extraction job specification repository 170.

2.1 Extraction Job Specification

An extraction job specification includes one or more configuration files that provide configuration details for how to extract data records from a data source. In one embodiment, an extraction job specification can be implemented in any markup language or data format syntax, such as extensible markup language (XML), “YAML Ain't Markup Language” (YAML), or JavaScript Object Notation (JSON), and is stored in the form of digital data in a storage device or digital memory.

FIG. 2 illustrates an exemplary extraction job specification 200, according to one embodiment. An extraction job specification includes a data source repository identifier. A data source repository identifier identifies one or more data sources that a data extraction agent should crawl and extract data from. In one embodiment, a data source repository identifier could include the name of computing device that contains a data source, an IP address of a data source, or any other identifier that identifies a data source. For example, extraction job specification 200 includes data source repository 202 that identifies a data source repository with a Source Name of “fruit_HDFS”, a Source_Type of “HDFS” and a Source_Root_Directory of “webhdfs://localhost:900/path”.

An extraction job specification includes one or more target mappings. A target mapping identifies criteria for extracting data from a data source. For example, extraction job specification 200 includes target mapping 204. A target mapping may include one or more inline processors and one or more data recipient identifiers. For example, target mapping 204 includes inline processors 206 and 208. An inline processor is a set of operations to be performed on data records that are being extracted from a data source during the extraction process. In one embodiment, an inline processor will only perform minimal processing of the data from a data source, as further processing will be handled by a downstream data record transformer on the server side. Thus, an inline processor will not contain any business logic and will not view the internal contents of a data record. An inline processor can indicate criteria that must be applied to a data record during data extraction. For example, inline processor 206 indicates that the data extraction agent will only process data records that have a data_record_size that exceeds 1 MB. Thus, in this example, any data records that do not exceed 1 MB will be ignored during the data extraction process. Similarly, inline processor 208 indicates that data records should be grouped together based on the date_last_modified criteria using a “GroupBy” operation. Thus, based on inline processor 208, data records that have been modified on the same date will be grouped together into a single transaction when transmitted to a server system instead of being sent as individual transactions. Inline processors are pluggable, as a user can implement a customized inline processor by specifying one or more criteria to apply to a data record during data extraction. For example, in one embodiment, an inline processor may include one or more scripts, regular expressions, and/or SQL expressions to apply to data records during the data extraction process. By using a, script, regular expression, and/or a SQL expression, a user computer can specify the criteria to be used during the extraction process performed by the data extraction agent. Thus, a user can, using a user computer, easily write and provide a customized pluggable inline processor. Moreover, an inline processor provides filtering and/or grouping functionality during runtime of the extraction process by the data extraction agent. Inline processors allow for customization of data extraction techniques by the present data extraction system without requiring the details of custom script writing.

Additionally, target mapping 204 may include one or more data recipient identifiers. For example, target mapping 204 includes data recipient identifier 210. A data recipient identifier identifies one or more data recipients, located at a server system, to receive data extracted from the one or more data sources identified by the data source repository identifier. Data recipients may comprise computers, files, programs, methods, objects, threads, processes and the like. In one embodiment, a data recipient identifier may identify one or more data record transformers 140 that are to receive data from a data source 130, 132, and/or 134. In the example of extraction job specification 200, data recipient identifier 210 indicates that the data received from a processor will be sent to a data record transformer called “fruit_data_record_transformer”. In another embodiment, a data recipient identifier may identify one or more data record consumers 160 that are to receive data records from a data source 130, 132, and/or 134.

In one embodiment, an extraction job specification optionally includes a schedule that indicates the timing of when to retrieve data records from the data source. For example, extraction job specification 200 includes schedule 212. A schedule can be implemented as any sort of syntax or data structure that can be used to specify the timing of when a data extraction agent is to retrieve data records from a data source. For example, schedule 212 is implemented as a cron schedule string, wherein each position in the cron schedule string refers to a different granularity of scheduling. For example, in one embodiment, the first position in the string represents seconds, the second position represents minutes, the third position represents hours, the fourth position represents the day of the month, the fifth position represents the month, the sixth position represents the day of the week, and the seventh position represents the year. Thus, the schedule 212, represented as “30 * * * * ? *”, indicates that the data extraction for this particular target mapping should occur every 30 seconds. Schedule 212 allows a user computer to quickly and easily customize the frequency that data records should be extracted from a data source. This customization can occur directly in the extraction job specification, without having to be hard-coded in the data extraction agent. In another embodiment, an extraction job specification does not include a schedule. Instead, the extraction job specification may be remotely triggered to execute by a data extraction agent 112, for example, via a user interface on a remote computing device.

An extraction job specification may optionally include a completion strategy processor. A completion strategy processor identifies one or more operations to apply to a data record in a data source after extracting the data record and/or after sending a transaction containing the data record to a data recipient. For example, extraction job specification 200 includes a completion strategy processor 214 that indicates that a data record should be deleted after transmission to a server system. A completion strategy processor can be specified for any sort of data record manipulation operation, including deleting the data record, encrypting the data record, copying the data record, moving the data record, etc. In one embodiment, a completion strategy processor can be implemented as a regular expression or a SQL query.

In one embodiment, an extraction job specification may include a package, library, data object, or file that can be used to help configure access to a data source. For example, an extraction job specification may include a Java Archive (JAR) file, a dynamic link-library (DLL) file, a device driver, or any other kind of package, library, or configuration file that can enable access to a data source.

2.2 Data Extraction Agent

Data extraction agent 112 is programmed or configured to perform live data extraction from one or more data sources 130, 132, and/or 134 by using a data extraction job specification. Although the present discussion will discuss data extraction agent 112, similar logic may be applied to data extraction agent 124. Data extraction agent 112 is programmed or configured to contact and query, or “crawl,” one or more data sources 130, 132, and/or 134, as specified in the data source repository identifier of the extraction job specification, to identify new data records for extraction. Data extraction agent 112 is programmed or configured to perform crawling and extraction of data records based on the schedule specified in the data extraction job specification. In one embodiment, data extraction agent 112 uses the relevant package, library, or configuration file specified in the extraction job specification in order to crawl and/or extract data records from a data source 130, 132, and/or 134. The data extraction agent 112 thus crawls the data sources 130, 132, and/or 134 and collects data records that should be transmitted to a downstream system, such as data record transformer 140.

During this extraction process, data extraction agent 112 is programmed or configured to apply one or more inline processors that are specified in the extraction job specification to data records that are extracted from a data source. Such inline processors may filter the data records and/or group them into a set of data records that should be handled in a single transaction. The data extraction agent 112 creates a transaction for transmission to a data recipient as identified by the extraction job specification. As described earlier, a transaction is a set of data that includes one or more extracted data records and may optionally include additional metadata. Metadata may include data regarding the size of the transaction, the data source of the data records, the timing of the data extraction, errors or warning messages regarding the data extraction, or any other information regarding the data extraction. In one embodiment, the extracted data records included in a transaction are unmodified and are thus the same as the data records that were collected from the data sources, because the data extraction agent 112 does not apply any business logic to the data records during the extraction process. Thus, the data records that are included in the transaction are unmodified and uncorrupted. This ensures that the data records that are sent downstream are accurate and minimizes the likelihood of corruption to the data records by the data extraction agent 112, which could affect downstream systems.

Once data extraction agent 112 has extracted the data records from the one or more data sources and/or once the data extraction agent 112 has sent the transaction to the data record transformer 140, the data extraction agent 112 is programmed or configured to apply one or more completion strategy processors to the data records, such as deletion, encrypting, copying, moving, or similar data record manipulation operations. The completion strategy processors can be specified in the extraction job specification.

In one embodiment, data extraction agent 112 and its application of inline processors and/or completion strategy processors are configured or programmed not to modify the contents of the data records that are packaged into a transaction. Data extraction agent 112 only does minimal processing on the data records, where the processing is focused on extraction-related tasks, and does not include any business logic for data transformation. Such business logic for data transformation can be segregated into the downstream data record transformer 140. By segregating the application of business logic away from data extraction agent 112, the present data extraction system allows multiple parties to manage different aspects of the data extraction process. A first party may be a customer that is interested in having its data records extracted from client system 102. The first party can ensure that that bootstrapper 110 and data extraction agent 112 have appropriate read and/or write access to data sources 130, 132, and 134. A second party may be a party that is assisting with technical aspects of how and when the data record extraction is performed. The second party can customize the data extraction agent 112, via the extraction job specification, to customize the specifics of the data extraction, including, but not limited to what kind of data records extracted, how data records are extracted, how data records are grouped into transactions, and/or when the data records are extracted. Business logic is segregated downstream to data record transformer 140 to ensure that the business logic and data record transformation do not interfere with the ability of the second party to customize how and when the data record extraction is performed. Any such business logic can be applied at a server system 104. This architecture ensures that two different parties can safely and securely manage the data record extraction process on client system 102, within interference from business logic, as such business logic is segregated to server system 104.

Moreover, by segregating the business logic away from data extraction agent 112, the present data extraction system does not require repeated updates to the data extraction agent 112 every time a change to business logic is made. Instead, any changes to business logic can be made at the server system 104, for example in data record transformer 140 or in data record consumer 160.

The present system allows for rapid deployment of new data extraction agents by using an extraction job specification instead of having to write custom scripts for such data extraction. The format and structure of such extraction job specifications can be reusable for similar data sources across different deployments of the data extraction system. For example, a similar extraction job specification can be used for a first RDBMS data source in a first deployment of a data extraction job system as a second RDBMS data source in a second deployment of a data extraction job system in a second client system. During the second deployment, a user computer, program or system will merely need to modify certain fields of the extraction job specification, without having to write a custom or bespoke script for the data extraction process.

In one embodiment, data extraction agent 112 is programmed or configured to perform basic data validation on a data record before including the data record in a transaction. For example, data extraction agent 112 can validate that a data record is not corrupt. If a data record is corrupt, it may be excluded from a transaction.

In one embodiment, data extraction system 100 includes multiple data extraction agents 112 and 122. Including multiple data extraction agents 112 and 122 on a client system 102 can allow for load balancing between the data extraction agents 112 and 122, and/or allow for customized handling of different data sources by different data extraction agents 112 and 122. In one embodiment, each data extraction agent 112 and 122 uses its own unique extraction job specification(s), however, in another embodiment, each data extraction agents 112 and 122 share access to the same extraction job specification(s).

2.3 Data Extraction Explorer

In one embodiment, a bootstrapper may optionally include a data extraction explorer that provides a communication interface from the bootstrapper to the server system. For example, data extraction system 100 includes data extraction explorer 114 and/or data extraction explorer 124. The following description will describe embodiments with relation to data extraction explorer 114, however, analogous functionality could be included in data extraction explorer 124. Data extraction explorer 114 is responsible for carrying out operations in bootstrapper based on communications with user interface 150. In one embodiment, data extraction explorer 114 is programmed or configured to interoperate with a user interface 150 to view the contents of an extraction job specification that is being used by bootstrapper 110. In one embodiment, data extraction explorer 114 allows a user interface 150 to view the file structure of data records in one or more data sources connected to bootstrapper 110. In one embodiment, data extraction explorer 114 allows a user interface 150 to view error messages and/or metadata associated with data extraction from the data sources connected to bootstrapper 110. In one embodiment, data extraction explorer 114 allows a user interface 150 to view the status of one or more transactions in bootstrapper 110. In one embodiment, data extraction explorer 114 is programmed or configured to interoperate with a user interface 150 to view log messages associated with bootstrapper 110.

In one embodiment, data extraction explorer 114 allows a user computer to interact with and test new or modified extraction job specifications via user interface 150. A user computer can access a user interface 150 that allows them to modify a proposed extraction job specification. The user computer can send the proposed extraction job specification to data extraction explorer 114 and have the data extraction explorer 114 run the proposed extraction job specification by accessing data extraction agent 112. For example, a user computer can input regular expressions and SQL expressions to be used in a proposed extraction job specification that will be included in an inline processor or completion strategy processor. The data extraction explorer 114 can run the proposed extraction job specification and send the results to the user interface 150 so that a user can view and verify that results were as expected. This functionality allows a user computer to interact with and test changes to a proposed extraction job specification before deploying it to the extraction job specification repository 170.

In one embodiment, the initiation of communication between a data extraction explorer 114 and user interface 150 is one-sided and can only be initiated by the data extraction explorer 114. For example, the user interface cannot directly send requests to the data extraction explorer 114. Instead, the data extraction explorer 114 will periodically poll the user interface 150 to determine if the user interface 150 has any pending requests that have not been processed. These requests could include, for example, a request to run a particular proposed extraction job specification. The timing of this polling can be pre-configured via a setting. In one embodiment, for example, the polling can occur every 30 seconds. When the data extraction explorer 114 detects a pending request at the user interface 150, the data extraction explorer 114 can execute the pending request and then send the results of the execution back to the user interface 150. By limiting the communication between the systems to be one-sided as described, the security of the system is improved, as the user interface 150 located at server system 104 cannot initiate a data transfer between the systems. Instead, the initiation of all data transfers must occur at the client system 102. Therefore, if the server system 104 is compromised, for example by malicious software (“malware”), the server system 104 cannot actively initiate a data transfer to data extraction explorer 114, for example, to run a compromised proposed extraction job specification. The client system 102 can protect itself against such data transfers by disabling its polling function.

In one embodiment, the data extraction explorer 114 is implemented on a separate virtual machine than the data extraction agent 112 so that the performance of the data extraction agent 112 is not degraded based on the performance of the data extraction explorer 114.

2.4 Data Record Transformer

Data record transformer 140 is a subsystem of server system 104 that includes instructions for data manipulation operations to modify or transform one or more extracted data records that are received from a data extraction agent. In one embodiment, these data manipulation operations may save the extracted data records in a data storage system coupled to server system 104. In one embodiment, the data record transformer 140 modifies the extracted data records and creates transformed data records that represent the output of the data manipulation operations. In one embodiment, these data manipulation operations include operations for cleaning and/or validating the extracted data records when creating the transformed data records. In one embodiment, the transformed data records are stored in data storage. The data manipulation operations that are employed by data record transformer 140 include system-specific business logic. By segregating the system-specific business logic away from bootstrappers 110 and 120, the data extraction system 100 can ensure the integrity and security of the data records and data sources extracted at client system 102. Likewise, by segregating the system-specific business logic away from bootstrappers 110 and 120, the management of the data extraction process can be shared across two parties: a first party that provides read and/or write access from bootstrappers 110 and 120 to data sources 130, 132, and 134; and a second party that can customize the specific technical details of how and when data record extraction is performed via extraction job specifications that are accessible to data extraction agents 112 and 122. Furthermore, by segregating the system-specific business logic to the data record transformer 140, the data extraction system 100 also ensures that the bootstrappers 110 and 120 can be rapidly deployed, as they do not require custom scripting that includes system-specific business logic. Instead, the bootstrappers 110 and 120 can be implemented as subsystems that are agnostic of business logic, thereby ensuring that the data extraction system can be deployed onto new client systems 102 quickly without requiring custom scripting or bespoke implementations for particular business scenarios.

In one embodiment, server system 104 can include multiple data record transformers 140 that can either share a similar business logic function or be responsible for separate business logic functions. These multiple data record transformers 140 can be implemented serially, in parallel, or in some other configuration.

In one embodiment, data record transformer 140 can provide access to the transformed data records to a data record consumer 160. Data record consumer can be an end-user application, or an application programming interface (API) for communication with separate systems.

In one embodiment, all communication between a data extraction agent 112 and data record transformer 140 is one-sided and can only be initiated by the data extraction agent 112 and not the data record transformer 140. By insulating the initiation of communication such that it always must originate from the client system 102, the security of the system is improved, as it prevents the server system 104 from pushing unwanted malware to the client system 102. In one embodiment, data extraction agent 112 can check for new message requests by the data record transformer 140 by periodically polling the data record transformer 140. If the security of the server system 104 is compromised, the data extraction agent 112 can disable the polling to protect client system 102.

2.5 Coordinator

In one embodiment, server system 104 includes coordinator 180. Coordinator 180 is a subsystem responsible for managing bootstrappers 110 and/or 120. For example, in one embodiment, coordinator 180 can manage the load balance between multiple bootstrappers 110 and 120. In one embodiment, bootstrappers 110 and/or 120 may send log files to coordinator 180 to allow the coordinator 180 to perform debugging functions for the bootstrappers and/or generate warning notifications about potential technical issues occurring in the bootstrappers.

In one embodiment, coordinator 180 may further manage an extraction job specification repository 170. For example, after a user computer has approved the deployment of a new extraction job specification, the coordinator 180 can notify the extraction job specification repository 170 that a new approved extraction job specification is ready for deployment in the data extraction system 100. The extraction job specification repository 170 can then retrieve the new extraction job specification with the help of the coordinator 180 and send the new extraction job specification to the appropriate bootstrappers. In another embodiment, the coordinator 180 can push the new extraction job specification to extraction job specification repository 170.

2.6 Software Deployment System

Deploying software packages to customer-controlled computing device by a vendor can be challenging. Customer-controlled computing devices are typically managed by a customer's information security personnel and must adhere to certain network security protocols and/or compliance protocols, including, but not limited to, firewalls, spam filtering, Virtual Private Network (VPN) restrictions, port and/or host restrictions, and any other network security protocol or compliance protocol that may limit an outside vendor's access to a customer-controlled computing device. Deploying a software package to such a customer-controlled computing device may require the vendor's personnel or the customer's information security personnel to manually deploy the software package onto the customer-controlled computing device. However, the customer's network security protocols may prohibit the use of physical compact discs (CDs), Universal Serial Bus (USB) devices, floppy disks, portable hard drives, or any other similar storage device from being attached to the customer-controlled computing device. Thus, deployment of a software package may require a secure download of the software package from a remote system over a secure network or channel. However, manually entering a uniform resource locator (URL) on a customer-controlled computing device to create the secure channel can be prone to user error and time-consuming if the URL is completely randomized, such as with a 256 character hash or similar random string of characters. For example, the following URL is an example of a URL that is randomly generated using 20 random numbers and characters: “http://www.example.com/B88qOEbLV6hFDhfL8G36”. Such a completely randomized URL can be very challenging for a user to type as it requires many individual key strokes that are not logically organized. Moreover, given the complexity of such a randomized URL can be difficult for a user to visually review or validate for correctness, as even a single mistake, such as improper capitalization of a letter, may render the URL inaccurate and such a mistake may difficult to identify through visual inspection. Such a URL containing a random string of characters can be difficult for a user, such as customer's information security personnel or the vendor's personnel, to type on the customer-controlled computing device, and can be easily mistyped. Likewise, given the complexity of such a URL, it can be difficult to communicate such a URL orally from a vendor's personnel to a customer's information security personnel. In some scenarios, a customer's information security protocol requires that the customer's information security personnel accesses the customer computing device, thus, oral communication between the vendor's personnel and the customer's information security personnel is necessary.

In an embodiment, a software deployment system may be programmed or configured to securely and efficiently deploy a software package to a customer-controlled computing device. For example, a deployment system may be used to securely and efficiently deploy one or more of bootstrappers 110 and 120, data extraction agents 112 and 122, and/or data extraction explorers 114 and 124.

FIG. 6 illustrates an example software deployment system 600 in which the techniques described herein may be practiced, according to some embodiments. In the example of FIG. 6 , a software deployment system 600 is a computer system programmed to perform deployment of a software package and may be implemented across one or more computing devices. The example components of software deployment system 600 shown in FIG. 6 are implemented at least partially by hardware at one or more computing devices, such as one or more hardware processors executing stored program instructions stored in one or more memories for performing the functions that are described herein. In other words, all functions described herein are intended to indicate operations that are performed using programming in a special-purpose computer or general-purpose computer, in various embodiments. Software deployment system 600 illustrates only one of many possible arrangements of components configured to execute the programming described herein. Other arrangements may include fewer or different components, and the division of work between the components may vary depending on the arrangement.

Software deployment system 600 is programmed or configured securely and efficiently deploy one or more software packages to a customer-controlled computing device 610. Software deployment system 600 may include a customer-controlled computing environment 602 and a vendor computing environment 604. Customer-controlled computing environment 602 may be a logical grouping of a customer's computing devices, including, but not limited to customer-controlled computing device 610. Likewise, vendor computing environment may be a logical grouping of a vendor's computing devices. The grouping of customer-controlled computing environment 602 and/or vendor computing environment 604 may represent any sort of logical grouping of computing devices, including, but not limited to: a firewall, computing devices under control of a legal entity, computing devices located in the same geographical location and/or physical building, computing devices located on the same server rack, or any other similar logical grouping.

Customer-controlled computing environment 602 may include one or more customer-controlled computing devices 610 where the software package will be deployed or installed. For example, customer-controlled computing device may be a client device, a server device, a laptop, a mobile device, or any other similar computing device.

Software deployment system 600 may include a vendor computing device 630, which is programmed or configured to assist in deployment of a software package onto customer-controlled computing device 610. For example, vendor computing device 610 may be a laptop, mobile device, or other personal computing device of a vendor personnel. While shown in software deployment system 600 as external to customer-controlled computing environment 602 and vendor computing environment 604, in other embodiments, the vendor computing device 630 may be implemented as part of one of these environments.

Vendor computing device 630 is communicatively coupled to deployment engine 620. For example, in an embodiment, vendor computing device 630 may be communicatively coupled to deployment engine 620 over the Internet, a Virtual Private Network (VPN), or some other similar network communication.

Deployment engine 620 is programmed or configured to generate a unique URL that may be used to initiate a deployment of the software package. The unique URL may include, in part, a restricted use token, which is a readable string. In an embodiment, the unique URL is generated in response to a request from vendor computing device 630 to generate the software package.

Deployment engine 620 is programmed or configured to generate the restricted use token for the unique URL by selecting N dictionary strings from the dictionary 640. Dictionary 640 is programmed or configured to store a plurality of candidate dictionary strings that are suitable for inclusion in a restricted use token. For example, dictionary 640 may include dictionary strings that are dictionary words, such as English dictionary words. In an embodiment, the dictionary strings stored in dictionary 640 may include words of a certain size limit to ensure that the words are easily readable. For example, dictionary 640 may include words that all are 10 characters or less in length. To illustrate, dictionary 640 may include the words “Apple”, “Blue”, “Carpet”, and “River”, among other words. In another embodiment, dictionary 640 may store dictionary strings that consist of only lowercase characters or only uppercase characters. To illustrate, dictionary 640 may include the words “apple”, “blue”, “carpet”, and “river”, among other words. In an embodiment, dictionary 640 may exclude certain words that are common homophones, as such words may be difficult to orally convey. For example, the words “route” and “root” are homophones and may be difficult to say orally, as it would require clarification by the speaker as to which spelling is intended. In an embodiment, dictionary 640 may exclude all homophone pairs. In another embodiment, dictionary 640 may exclude one word in a given homophone pair.

In an embodiment, dictionary 640 may additionally store dictionary strings that represent single alphanumeric characters, in addition to the previously described words. For example, dictionary 640 may include dictionary strings that are each made up of a single alphanumeric character such as “A”, “B”, “C”, “1”, “2”, and “3”, among other characters. Similarly, dictionary 640 may additionally store dictionary strings that represent non-alphanumeric symbols, in addition to alphanumeric characters and dictionary words. For example, dictionary 640 may include non-alphanumeric symbols such as “-”, “!”, and “&”, among other symbols.

Deployment engine 620 is programmed or configured to randomly select a plurality of N dictionary strings from dictionary 640 to generate a restricted use token. The value of N may be any integer value greater than zero, including, but not limited to 1, 2, 3, 4, and so forth. In an embodiment, the value of N is randomly determined by the deployment engine 620 at the time that the restricted use token is generated to provide more variability in generating the restricted use token. In another embodiment, the value of N may be a fixed value that is pre-stored by deployment engine 620. In an embodiment, given that including many randomized single alphanumeric characters and/or non-alphanumeric symbols in a restricted use token may make the restricted use token difficult to read compared to dictionary words, in one embodiment, the number of such single alphanumeric characters and/or non-alphanumeric symbols is limited by deployment engine 620 by a pre-stored value. For example, in one embodiment, a minimum of three single alphanumeric characters and/or non-alphanumeric symbols may be selected to generate the restricted use token.

Once deployment engine 620 randomly selects the plurality of N dictionary strings, it is programmed or configured to concatenate the strings into a restricted use token. The N dictionary strings may be concatenated directly together, or alternatively, may be concatenated with a character delimiter between each dictionary string. The deployment engine 620 may combine the restricted use token with a previously stored string for the root of the URL. The root string and the restricted use token are then concatenated to generate a unique URL for the deployment of the software package.

Deployment engine 620 stores validity data that indicates that the particular restricted use token is a valid restricted use token for the deployment of the software package. For example, the validity data may indicate that the restricted use token may only be used once and that there have been no previous attempts to use the restricted use token. In an embodiment, deployment engine 620 may additionally store validity data that represents how long the restricted use token will be valid for. For example, deployment engine 620 may store time threshold data indicating a time window when the restricted use token will be useable. Thus, a restricted use token may expire at the end of time window to prevent malicious users from attempting to guess the restricted use token via brute force hacking techniques. Deployment engine 620 may store use threshold data indicating the number of times the restricted use token may be used. For example, deployment engine 620 may store data that indicates that the restricted use token may only be used a single time before expiring.

Deployment engine 620 may then send the unique URL to vendor computing device 630. A user accessing vendor computing device 630 may then read the unique URL and submit the unique URL via a user interface on customer-controlled computing device 610 to initiate the deployment of the software package. For example, in an embodiment, a user may enter in a curl command on the customer-controlled computing device 610. By submitting a command that includes the unique URL, the customer-controlled-computing device sends a request or command to the deployment engine 620 that includes the unique URL.

The deployment engine 620 is programmed or configured to receive the command from the customer-controlled computing device 610, parse and extract the restricted use token from the unique URL, and verify that the restricted use token is a valid restricted use token by comparing it to the previously stored validity data. In an embodiment, the restricted use token is valid only if the restricted use token has not previously been used or has not exceeded a use threshold, as determined by the validity data. In another embodiment, the restricted use token is further tested for validity to determine if the request that includes the restricted use token was sent in the previously stored time window, as stored in the validity data.

In an embodiment, deployment engine 620 may be further programmed or configured to throttle the number of requests it receives over a threshold time period so as to prevent brute force attacks from attempting to guess the restricted use token. For example, incoming requests may be throttled based on a threshold to only allow one request per minute, or some other frequency. If the number of requests that are received by deployment engine 620 exceed the throttle threshold, subsequent requests may automatically be determined to be invalid.

If the restricted use token is valid, the corresponding validity data is updated to indicate that the restricted use token has been used and a secure channel is created between customer-controlled computing device 610 and deployment engine 620. Deployment engine 620 is programmed or configured to use the secure channel to send the software package to customer-controlled computing device 610 for deployment and/or installation. In an embodiment, the software package may be a zip file, such as a .RAR, .ZIP, .TAR, or .GZ file. Once the software package has been sent, the secure channel is terminated. In an embodiment, deployment engine 620 may further store in an audit log information regarding the deployment, including one or more of: who generated the URL, whether the software package was successfully downloaded, a timestamp of when the software package was downloaded, or any other information related to the download of the software package.

If the restricted use token is determined to be invalid, then the deployment engine 620 does not send the software package to customer-controlled computing device 610. In an embodiment, the software package may have been previously generated by the deployment engine 620 in response to a command from vendor computing device 630.

In an embodiment, software deployment system 600 in FIG. 6 may be combined with the data extraction system 100 in FIG. 1 . For example, software deployment system 600 may be programmed or configured to deploy one or more of the bootstrappers 110 and 120, data extraction agents 112 and 122, and/or data extraction explorers 114 and 124 onto client system 102. The client system 102 may include the customer-controlled computing environment 602, and likewise, the server system 104 may include the vendor computing environment 604.

In other embodiments, the software deployment system 600 may be used to deploy any type of software package onto a customer-controlled computing device 610, and is not limited to the components of FIG. 1 .

3.0 Example Process

FIG. 3 illustrates a process 300 of extracting data from a data source. For purposes of illustrating a clear example, FIG. 3 is described with reference to data extraction system 100, but other embodiments may implement or execute the process 300 using other computer systems. FIG. 3 , and each other flow diagram in this disclosure, is intended to illustrate an algorithm that can be used as the basis of programming an implementation of one or more of the claims that are set forth herein, using digital computers and a programming language or development environment, and is illustrated and described at the level at which skilled persons, in the field to which this disclosure is directed, are accustomed to communicating with one another to identify or describe programs, methods, objects and the like that can provide a working system.

In step 302, a data extraction agent is programmed or configured to use an extraction job specification to check for new data records at a data source using the extraction job specification. In one embodiment, the data extraction agent receives the extraction job specification from an extraction job specification repository. The data extraction agent crawls the data source specified by the data source repository identifier of the extraction job specification in order to identify new data records. The data extraction agent crawls for new data records at the data source based on the schedule specified in the extraction job specification. Thus, in one embodiment, if the schedule indicates that new data records should be extracted every 30 seconds, the data extraction agent will crawl the data source every 30 seconds, based on the schedule, to identify new data records that have not been previously extracted. In another embodiment, the data extraction agent will continuously crawl the data source for new data records that have not been previously extracted, but will delay further processing until 30 seconds have elapsed since a prior transaction was sent to a server system, based on the schedule. Once the data extraction agent has identified new data records at the data source, the process 300 proceeds to step 304.

In step 304, the data extraction agent is programmed or configured to use the extraction job specification to extract new data records from the data source, as determined by step 302. In one embodiment, data extraction agent uses any configuration files, packages or libraries specified in the extraction job specification to extract data records from the data source. For example, the data extraction agent may use a JAR, DLL, device driver, or other package or library specified in the extraction job specification to perform the extraction from the data source. In one embodiment, the data extraction agent applies any inline processors specified in the extraction job specification to the extracted data records. For example, the data extraction agent may run a regular expression or SQL query against extracted data records, or may group certain data records together into a single transaction. Once the data extraction agent has extracted the new data records, the data extraction agent then creates one or more transactions that include the extracted data records. A transaction may be defined as a set of data and may include a set of one or more extracted data records. In one embodiment, a transaction may include additional metadata regarding the extracted data records, such as the data source repository identifier, a timestamp for extraction, details regarding one or more inline processors that were applied to the extracted data records, error codes or runtime exceptions that occurred during data extraction, an identifier of the data recipient for the extracted data records, or the like. Once the data extraction agent has generated a transaction, the process proceeds to step 306.

In step 306, the data extraction agent is programmed or configured to send the one or more transactions to the data record transformer identified by the data recipient identifier in the extraction job specification. The process proceeds to step 308.

In step 308, the data record transformer is programmed or configured to transform the extracted data records into transformed data records. The transform process may include applying business logic to the extracted data records, storing a copy of the extracted data records in a data storage device, or any other operation that modifies or manipulates the data records. In one embodiment, multiple data record transformers transform the extracted data records. For example, in one embodiment, multiple data record transformers transform the extracted data records serially in a pipeline. In another embodiment, multiple data record transformers transform the extracted data records in parallel. In yet another embodiment, multiple data record transformers transform the extracted data records in some combination of serial and/or parallel processing. Once the data record transformer has transformed the data records, the process proceeds to step 310.

In step 310, the data record consumer is programmed or configured to access the transformed data records. In one embodiment, the data record consumer may view the contents of the transformed data records by accessing the transformed data records in a data storage device. In another embodiment, the data record transformer sends the transformed data records to the data record consumer. In one embodiment, the data record consumer allows a user computer to view the contents of the transformed data records. In one embodiment, the data record consumer can generate reports regarding the transformed data and/or publish the transformed data. The process may then end, return control to a calling process, or transfer control to another process.

FIG. 7 illustrates a process 700 of deploying a software package. For purposes of illustrating a clear example, FIG. 7 is described with reference to software deployment system 600, but other embodiments may implement or execute the process 700 using other computer systems. FIG. 7 is intended to illustrate an algorithm that can be used as the basis of programming an implementation of one or more of the claims that are set forth herein, using digital computers and a programming language or development environment, and is illustrated and described at the level at which skilled persons, in the field to which this disclosure is directed, are accustomed to communicating with one another to identify or describe programs, methods, objects and the like that can provide a working system.

The process 700 may begin at step 702. In step 702, deployment engine 620 receives a request to generate a software package. In an embodiment, the request to generate the software package may be received from vendor computing device 630. In an embodiment, the request to generate the software package may include one or more configuration parameters for the generation of the software package. The process 700 may then proceed to step 704.

In step 704, deployment engine 620 is programmed or configured to generate a software package for deployment using the configuration parameters included in the request received in step 702. In one embodiment, deployment engine 620 retrieves computer code and compresses it to generate the software package. The compression format may be any known compression format, including, but not limited to .ZIP, .TAR, .GZ, and .RAR. In another embodiment, deployment engine 620 retrieves the software package from another source (not pictured). Deployment engine 620 may then optionally zip the software package retrieved. The process 700 may then proceed to step 706.

In step 706, deployment engine 620 is programmed or configured to randomly select N dictionary strings from dictionary 640. N may be any integer value greater than zero. The dictionary strings may be a combination of dictionary words, single alphanumeric characters, and/or non-alphanumeric symbols. In one embodiment, the value of N is randomly determined by deployment engine 620. In another embodiment, the value of N is a pre-stored value. To illustrate as an example, dictionary 640 may include various dictionary strings including the dictionary words “Apple”, “Blue”, “Carpet”, and “River”, and single alphanumeric characters “A”, “B”, “C”, “1”, “2”, and “3”. The value of N may be a pre-stored as three. Thus, deployment engine 620 will randomly select three dictionary strings from the dictionary 640. To further illustrate the example, assume that deployment engine 620 randomly selected the dictionary strings “Carpet”, “Apple”, and “3”. The process 700 may then proceed to step 708

In step 708, deployment engine 620 is programmed or configured to use the dictionary string(s) retrieved in step 706 to generate a restricted use token. In an embodiment, deployment engine 620 concatenates the dictionary strings to generate the restricted use token. Returning to the illustrative example above, deployment engine 620 may generate a restricted use token to be “CarpetApple3”. In another embodiment, the dictionary strings are concatenated together with a delimiter between each dictionary string to generate the restricted use token. For example, if the delimiter was a hyphen (“-”), then the restricted use token would be “Carpet-Apple-3”. The process 700 may then proceed to step 710.

In step 710, deployment engine 620 concatenates the restricted use token generated in step 708 with a previously stored URL root to generate a unique URL. In an embodiment, the previously stored URL root corresponds to an address that can be used to access the deployment engine 620. Returning to the illustrative example above, the URL root may be “https://www.example.com/”. Deployment engine 620 may concatenate the restricted use token to the end of the URL root to generate the following unique URL: “https://example.com/CarpetApple3”. The process 700 may then proceed to step 712

In step 712, deployment engine 620 is programmed or configured to store validity data for the unique URL generated in step 710. For example, deployment engine 620 may store validity data that includes a use threshold value that indicates the number of times the unique URL may be used. In an embodiment, this value may be configured to only allow a single use for any given restricted use token and corresponding unique URL. Deployment engine 620 may store additional validity data that indicates a time window during which the unique URL will remain valid. The process 700 may then proceed to step 714.

In step 714, deployment engine 620 sends the unique URL to vendor computing device 630 over a network communication. The process 700 may then proceed to step 716.

In step 716, deployment engine 620 may receive a command to deploy the software package. For example, the command may be sent by customer-controlled computing device 610. In an embodiment, the command may be sent over a newly initiated secure channel, such as an HTTPS connection. The command may include a URL string. In an embodiment, the command may be implemented as a curl command. Returning to the illustrative example above, the command in this case may be a curl command of the format: “curl-k https://example.com/CarpetApple3”. The process 700 may then proceed to step 718.

In step 718, deployment engine 620 is programmed or configured to test the validity of the URL string included in the command received in step 716. In an embodiment, deployment engine 620 may parse the extracted restricted use token out of the URL string, for example, isolating the last portion of the URL string following the last forward slash (“/”) character in the URL string. The validity of URL string is then further tested in steps 720 and/or 722.

In step 720, deployment engine 620 is optionally programmed use the previously stored validity data to determine if the extracted restricted use token is a valid token and if the number of uses of the restricted use token have exceeded the allowable threshold amount. For example, if the validity data indicates that any given restricted use token may only be used a single time, deployment engine 620 determines whether the extracted restricted use token has been previously used a single time. If the threshold for number of uses has been exceeded, then the extracted restricted use token, as well as the URL string, are determined to be invalid and the process 700 may proceed to step 728. Alternatively, if the extracted restricted use token does not match any previously stored restricted use token, then the extracted restricted use token is determined to be invalid and the process 700 may proceed to step 728. If the threshold for number of uses has not been exceeded, then the extracted restricted use token is determined to be valid and the process 700 may proceed to step 722.

In step 722, deployment engine 620 may optional determine whether the time window for the restricted use token, as specified in the validity data, is still valid. Deployment engine 620 is programmed or configured to compare the timestamp of when the unique URL was received to the time window for the restricted use token as stored in the validity data. If the timestamp falls within the time window, the restricted use token is considered valid and the process 700 may proceed to step 725. If the timestamp does not fall within the time window, then the restricted use token is considered invalid and the process may proceed to step 728.

In step 724, deployment engine 620 is programmed or configured to update the stored validity data for the restricted use token to indicate that the particular restricted use token has been used. In the case where a restricted use token has a threshold number of uses of a single use, this effectively prevents the restricted use token from being used again. By updating the stored validity data for the restricted use token, deployment engine 620 is able to deactivate the use of the restricted use token and its corresponding unique URL or limit the number of times that they may be used in the future. The process 700 may then proceed to step 726.

In step 726, deployment engine 620 is programmed or configured to download the software package generated in step 704 to the customer-controlled computing device 610 or another computing device specified in the command received in step 716 via a secure channel. In one embodiment, the secure channel was previously opened in step 716, however, in another embodiment, a new secure channel may be opened now. The process 700 may then proceed to step 728.

In step 728, the secure channel that was used to download the software package in step 726 is ended. The process 700 may then end.

In an embodiment, process 700 in FIG. 7 may be combined with process 300 in FIG. 3 . For example, process 700 may be used to deploy software packages for one or more of the bootstrappers 110 and 120, data extraction agents 112 and 122, and/or data extraction explorers 114 and 124 onto client system 102.

In other embodiments, process 700 may be used to deploy any type of software package onto a customer-controlled computing device 610, and is not limited to being used in the same context as process 300.

4.0 Implementation Mechanisms—Hardware Overview

Referring now to FIG. 4 , it is a block diagram that illustrates a basic computing device 400 in which the example embodiment(s) of the present invention may be embodied. Computing device 400 and its components, including their connections, relationships, and functions, is meant to be exemplary only, and not meant to limit implementations of the example embodiment(s). Other computing devices suitable for implementing the example embodiment(s) may have different components, including components with different connections, relationships, and functions.

Computing device 400 may include a bus 402 or other communication mechanism for addressing main memory 406 and for transferring data between and among the various components of device 400.

Computing device 400 may also include one or more hardware processors 404 coupled with bus 402 for processing information. A hardware processor 404 may be a general purpose microprocessor, a system on a chip (SoC), or other processor.

Main memory 406, such as a random access memory (RAM) or other dynamic storage device, also may be coupled to bus 402 for storing information and software instructions to be executed by processor(s) 404. Main memory 406 also may be used for storing temporary variables or other intermediate information during execution of software instructions to be executed by processor(s) 404.

Software instructions, when stored in storage media accessible to processor(s) 404, render computing device 400 into a special-purpose computing device that is customized to perform the operations specified in the software instructions. The terms “software”, “software instructions”, “computer program”, “computer-executable instructions”, and “processor-executable instructions” are to be broadly construed to cover any machine-readable information, whether or not human-readable, for instructing a computing device to perform specific operations, and including, but not limited to, application software, desktop applications, scripts, binaries, operating systems, device drivers, boot loaders, shells, utilities, system software, JAVASCRIPT, web pages, web applications, plugins, embedded software, microcode, compilers, debuggers, interpreters, virtual machines, linkers, and text editors.

Computing device 400 also may include read only memory (ROM) 408 or other static storage device coupled to bus 402 for storing static information and software instructions for processor(s) 404.

One or more mass storage devices 410 may be coupled to bus 402 for persistently storing information and software instructions on fixed or removable media, such as magnetic, optical, solid-state, magnetic-optical, flash memory, or any other available mass storage technology. The mass storage may be shared on a network, or it may be dedicated mass storage. Typically, at least one of the mass storage devices 410 (e.g., the main hard disk for the device) stores a body of program and data for directing operation of the computing device, including an operating system, user application programs, driver and other support files, as well as other data files of all sorts.

Computing device 400 may be coupled via bus 402 to display 412, such as a liquid crystal display (LCD) or other electronic visual display, for displaying information to user computer. In some configurations, a touch sensitive surface incorporating touch detection technology (e.g., resistive, capacitive, etc.) may be overlaid on display 412 to form a touch sensitive display for communicating touch gesture (e.g., finger or stylus) input to processor(s) 404.

An input device 414, including alphanumeric and other keys, may be coupled to bus 402 for communicating information and command selections to processor 404. In addition to or instead of alphanumeric and other keys, input device 414 may include one or more physical buttons or switches such as, for example, a power (on/off) button, a “home” button, volume control buttons, or the like.

Another type of user input device may be a cursor control 416, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 404 and for controlling cursor movement on display 412. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.

While in some configurations, such as the configuration depicted in FIG. 4 , one or more of display 412, input device 414, and cursor control 416 are external components (i.e., peripheral devices) of computing device 400, some or all of display 412, input device 414, and cursor control 416 are integrated as part of the form factor of computing device 400 in other configurations.

Functions of the disclosed systems, methods, and modules may be performed by computing device 400 in response to processor(s) 404 executing one or more programs of software instructions contained in main memory 406. Such software instructions may be read into main memory 406 from another storage medium, such as storage device(s) 410. Execution of the software instructions contained in main memory 406 cause processor(s) 404 to perform the functions of the example embodiment(s).

While functions and operations of the example embodiment(s) may be implemented entirely with software instructions, hard-wired or programmable circuitry of computing device 400 (e.g., an ASIC, a FPGA, or the like) may be used in other embodiments in place of or in combination with software instructions to perform the functions, according to the requirements of the particular implementation at hand.

The term “storage media” as used herein refers to any non-transitory media that store data and/or software instructions that cause a computing device to operate in a specific fashion. Such storage media may comprise non-volatile media and/or volatile media. Non-volatile media includes, for example, non-volatile random access memory (NVRAM), flash memory, optical disks, magnetic disks, or solid-state drives, such as storage device 410. Volatile media includes dynamic memory, such as main memory 406. Common forms of storage media include, for example, a floppy disk, a flexible disk, hard disk, solid-state drive, magnetic tape, or any other magnetic data storage medium, a CD-ROM, any other optical data storage medium, any physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, NVRAM, flash memory, any other memory chip or cartridge.

Storage media is distinct from but may be used in conjunction with transmission media. Transmission media participates in transferring information between storage media. For example, transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 402. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.

Various forms of media may be involved in carrying one or more sequences of one or more software instructions to processor(s) 404 for execution. For example, the software instructions may initially be carried on a magnetic disk or solid-state drive of a remote computer. The remote computer can load the software instructions into its dynamic memory and send the software instructions over a telephone line using a modem. A modem local to computing device 400 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus 402. Bus 402 carries the data to main memory 406, from which processor(s) 404 retrieves and executes the software instructions. The software instructions received by main memory 406 may optionally be stored on storage device(s) 410 either before or after execution by processor(s) 404.

Computing device 400 also may include one or more communication interface(s) 418 coupled to bus 402. A communication interface 418 provides a two-way data communication coupling to a wired or wireless network link 420 that is connected to a local network 422 (e.g., Ethernet network, Wireless Local Area Network, cellular phone network, Bluetooth wireless network, or the like). Communication interface 418 sends and receives electrical, electromagnetic, or optical signals that carry digital data streams representing various types of information. For example, communication interface 418 may be a wired network interface card, a wireless network interface card with an integrated radio antenna, or a modem (e.g., ISDN, DSL, or cable modem).

Network link(s) 420 typically provide data communication through one or more networks to other data devices. For example, a network link 420 may provide a connection through a local network 422 to a host computer 424 or to data equipment operated by an Internet Service Provider (ISP) 426. ISP 426 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 428. Local network(s) 422 and Internet 428 use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link(s) 420 and through communication interface(s) 418, which carry the digital data to and from computing device 400, are example forms of transmission media.

Computing device 400 can send messages and receive data, including program code, through the network(s), network link(s) 420 and communication interface(s) 418. In the Internet example, a server 430 might transmit a requested code for an application program through Internet 428, ISP 426, local network(s) 422 and communication interface(s) 418.

The received code may be executed by processor 404 as it is received, and/or stored in storage device 410, or other non-volatile storage for later execution.

5.0 Implementation Mechanisms—Software Overview

FIG. 5 is a block diagram of a software system 500 that may be employed for controlling the operation of computing device 400. Software system 500 and its components, including their connections, relationships, and functions, is meant to be exemplary only, and not meant to limit implementations of the example embodiment(s). Other software systems suitable for implementing the example embodiment(s) may have different components, including components with different connections, relationships, and functions.

Software system 500 is provided for directing the operation of computing device 400. Software system 500, which may be stored in system memory (RAM) 406 and on fixed storage (e.g., hard disk or flash memory) 410, includes a kernel or operating system (OS) 510.

The OS 510 manages low-level aspects of computer operation, including managing execution of processes, memory allocation, file input and output (I/O), and device I/O. One or more application programs, represented as 502A, 502B, 502C . . . 502N, may be “loaded” (e.g., transferred from fixed storage 410 into memory 406) for execution by the system 500. The applications or other software intended for use on device 500 may also be stored as a set of downloadable computer-executable instructions, for example, for downloading and/or installation from an Internet location (e.g., a Web server, an app store, or other online service).

Software system 500 includes a graphical user interface (GUI) 515, for receiving user commands and data in a graphical (e.g., “point-and-click” or “touch gesture”) fashion. These inputs, in turn, may be acted upon by the system 500 in accordance with instructions from operating system 510 and/or application(s) 502. The GUI 515 also serves to display the results of operation from the OS 510 and application(s) 502, whereupon the user computer may supply additional inputs or terminate the session (e.g., log off).

OS 510 can execute directly on the bare hardware 520 (e.g., processor(s) 404) of device 400. Alternatively, a hypervisor or virtual machine monitor (VMM) 530 may be interposed between the bare hardware 520 and the OS 510. In this configuration, VMM 530 acts as a software “cushion” or virtualization layer between the OS 510 and the bare hardware 520 of the device 400.

VMM 530 instantiates and runs one or more virtual machine instances (“guest machines”). Each guest machine comprises a “guest” operating system, such as OS 510, and one or more applications, such as application(s) 502, designed to execute on the guest operating system. The VMM 530 presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems.

In some instances, the VMM 530 may allow a guest operating system to run as if it is running on the bare hardware 520 of device 400 directly. In these instances, the same version of the guest operating system configured to execute on the bare hardware 520 directly may also execute on VMM 530 without modification or reconfiguration. In other words, VMM 530 may provide full hardware and CPU virtualization to a guest operating system in some instances.

In other instances, a guest operating system may be specially designed or configured to execute on VMM 530 for efficiency. In these instances, the guest operating system is “aware” that it executes on a virtual machine monitor. In other words, VMM 530 may provide para-virtualization to a guest operating system in some instances.

The above-described basic computer hardware and software is presented for purpose of illustrating the basic underlying computer components that may be employed for implementing the example embodiment(s). The example embodiment(s), however, are not necessarily limited to any particular computing environment or computing device configuration. Instead, the example embodiment(s) may be implemented in any type of system architecture or processing environment that one skilled in the art, in light of this disclosure, would understand as capable of supporting the features and functions of the example embodiment(s) presented herein.

6.0 Other Aspects of Disclosure

Using the systems and/or processing methods described herein, it is possible to rapidly and efficiently deploy a data extraction system. The present data extraction system is programmatic and can be deployed to a new client system infrastructure with minimal knowledge of the hardware implementation or other infrastructure details of the client system. Moreover, the present data extraction system can be deployed without the need for custom scripting.

Additionally, the present data extraction system provides various security advantages over existing data extraction techniques. By segregating the data transformation processes from the data extraction agent, the present system ensures that multiple parties can manage the data extraction at the client system without interference from business logic that may modify the data records. Any relevant business logic, including business logic that requires transforming the data records, will be applied to data records at the server system instead of the client system.

Moreover, the present data extraction system provides more reliability for pipeline of downstream data record transformers and/or data record consumers. Failure during data extraction of data records can cause many problems to downstream systems that rely on those extracted data records. Such pipelines of data are thus fragile. Using custom scripting to perform data extraction of data records increases the likelihood of failures during data extraction of data records, as any bugs or loopholes in a custom script will affect the ability of the custom script to perform data extraction. The present system avoids such custom scripts, thereby improving the stability of the data extraction system and improving the reliability of the pipeline of systems that rely on the data records being extracted.

Although some of the figures described in the foregoing specification include flow diagrams with steps that are shown in an order, the steps may be performed in any order, and are not limited to the order shown in those flowcharts. Additionally, some steps may be optional, may be performed multiple times, and/or may be performed by different components. All steps, operations and functions of a flow diagram that are described herein are intended to indicate operations that are performed using programming in a special-purpose computer or general-purpose computer, in various embodiments. In other words, each flow diagram in this disclosure, in combination with the related text herein, is a guide, plan or specification of all or part of an algorithm for programming a computer to execute the functions that are described. The level of skill in the field associated with this disclosure is known to be high, and therefore the flow diagrams and related text in this disclosure have been prepared to convey information at a level of sufficiency and detail that is normally expected in the field when skilled persons communicate among themselves with respect to programs, algorithms and their implementation.

In the foregoing specification, the example embodiment(s) of the present invention have been described with reference to numerous specific details. However, the details may vary from implementation to implementation according to the requirements of the particular implement at hand. The example embodiment(s) are, accordingly, to be regarded in an illustrative rather than a restrictive sense. 

The invention claimed is:
 1. A method comprising: generating a unique URL for a software package, wherein the unique URL comprises a restricted use token string, the restricted use token string comprising N dictionary strings randomly selected from a linguistic dictionary comprising a plurality of candidate dictionary strings and a value of N being randomly selected from a set of positive integers; receiving, at a server, a deployment command, wherein the deployment command comprises the unique URL; and in response to receiving the deployment command, sending the software package over a secure channel, wherein the method is performed using one or more processors.
 2. The method of claim 1, wherein each candidate dictionary string of the plurality of candidate dictionary strings comprises a dictionary word.
 3. The method of claim 1, wherein the N dictionary strings comprises a plurality of dictionary strings.
 4. The method of claim 3, wherein the restricted use token comprises concatenating the plurality of dictionary strings with a delimiter between each of the plurality of dictionary strings.
 5. The method of claim 1, further comprising: storing validity data regarding the restricted use token string; and determining whether the deployment command is valid by comparing an extracted portion of the deployment command with the validity data for the restricted use token string.
 6. The method of claim 5, wherein the validity data comprises a threshold number of uses for the restricted use token string and determining whether the deployment command is valid comprises: determining that the extracted portion of the deployment command matches the restricted use token string; and determining whether the threshold number of uses for the restricted use token string has been exceeded or not.
 7. The method of claim 5, wherein the validity data comprises a time range for the restricted use token string and determining whether the deployment command is valid comprises: determining that the extracted portion of the deployment command matches the restricted use token string; and determining whether the deployment command was received in the time range.
 8. The method of claim 1, further comprising: generating, by the server, the software package; and deactivating, the unique URL on the server.
 9. The method of claim 1, wherein the software package comprises a data extraction agent that is programmed or configured to perform data extraction of data records from a data source.
 10. One or more non-transitory computer readable storage media storing instruction, which when executed by one or more processors, cause: generating a unique URL for a software package, wherein the unique URL comprises a restricted use token string, the restricted use token string comprising N dictionary strings randomly selected from a linguistic dictionary comprising a plurality of candidate dictionary strings and a value of N being randomly selected from a set of positive integers; receiving, at a server, a deployment command, wherein the deployment command comprises the unique URL; and in response to receiving the deployment command, sending the software package over a secure channel.
 11. The one or more non-transitory computer readable storage media of claim 10, wherein each candidate dictionary string of the plurality of candidate dictionary strings comprises a dictionary word.
 12. The one or more non-transitory computer readable storage media of claim 10, wherein the N dictionary strings comprises a plurality of dictionary strings.
 13. The one or more non-transitory computer readable storage media of claim 12, wherein the restricted use token comprises concatenating the plurality of dictionary strings with a delimiter between each of the plurality of dictionary strings.
 14. The one or more non-transitory computer readable storage media of claim 10, further comprising instructions, which when executed by the one or more processors, cause: storing validity data regarding the restricted use token string; and determining whether the deployment command is valid by comparing an extracted portion of the deployment command with the validity data for the restricted use token string.
 15. The one or more non-transitory computer readable storage media of claim 14, wherein the validity data comprises a threshold number of uses for the restricted use token and determining whether the deployment command is valid comprises: determining that the extracted portion of the deployment command matches the restricted use token string; and determining whether the threshold number of uses for the restricted use token string has been exceeded or not.
 16. The one or more non-transitory computer readable storage media of claim 14, wherein the validity data comprises a time range for the restricted use token string and determining whether the deployment command is valid comprises: determining that the extracted portion of the deployment command matches the restricted use token string; and determining whether the deployment command was received in the time range.
 17. The one or more non-transitory computer readable storage media of claim 10, further comprising instructions, which when executed by the one or more processors, cause: generating, by the server, the software package; and deactivating, the unique URL on the server.
 18. The one or more non-transitory computer readable storage media of claim 10, wherein the software package comprises a data extraction agent that is programmed or configured to perform data extraction of data records from a data source. 